The most high-profile vulnerabilities tend to affect either commonly used applications such as Adobe Acrobat and Flash Player or Windows itself. In an attack which demonstrates that criminals are becoming ever more targeted, however, a vulnerability in Ichitaro, a popular Japanese-language word processing application, has been exploited.

Like similar vulnerabilities in Microsoft applications, the vulnerability allows arbitrary code to be executed on an affected system when a user opens a specially crafted .JTD file (JTD is the extension Ichitaro uses for its files). This can allow a malicious user to take complete control of an affected system.

Targeted attacks that use this vulnerability have already been spotted. The malicious files have also been detected as TROJ_TARODROP.AV. This Trojan drops and executes BKDR_AHNSY.A. The backdoor can carry out the following commands upon receiving instructions from a third-party server:

Send/Receive information

Create, list, or terminate system processes

Download and execute malicious files

Ichitaro is the number 2 word processor in the Japanese market. At present, exploits using this vulnerability have only been spotted in targeted attacks. However, newly discovered vulnerabilities initially used in targeted attacks inevitably find their way toward more common, large-scale attacks.

Ichitaro has been affected by zero-day vulnerabilities in the past. These were found as early as 2006, with two separate incidents found a year later. Another vulnerability was found in 2009 as well.

The JPCERT Coordination Center has released an official bulletin via its JVNDB portal; an English translation of its contents can be found here. JustSystems, Ichitaro’s publisher, also released its own bulletin (English translation here). Updates for the 2009 and 2010 versions of Ichitaro are already available, and patches for older versions will be made available at a later date.